url: revert the removal of trailing dot from host name

Reverts 5de8d84098db1bd24e (May 2014, shipped in 7.37.0) and the
follow-up changes done afterward.

Keep the dot in names for everything except the SNI to make curl behave
more similar to current browsers. This means 'name' and 'name.' send the
same SNI for different 'Host:' headers.

Updated test 1322 accordingly

Fixes #8290
Reported-by: Charles Cazabon
Closes #8320

diff --git a/lib/url.c b/lib/url.c
index 6561923e3268dc10def31b763bc65fe9a78920d7..a80d605a5eff99295e897d1e47d82663bfeb88d7 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -1573,20 +1573,6 @@ bool Curl_is_ASCII_name(const char *hostname)
   return TRUE;
 }
 
-/*
- * Strip single trailing dot in the hostname,
- * primarily for SNI and http host header.
- */
-static void strip_trailing_dot(struct hostname *host)
-{
-  size_t len;
-  if(!host || !host->name)
-    return;
-  len = strlen(host->name);
-  if(len && (host->name[len-1] == '.'))
-    host->name[len-1] = 0;
-}
-
 /*
  * Perform any necessary IDN conversion of hostname
  */
@@ -4053,17 +4039,6 @@ static CURLcode create_conn(struct Curl_easy *data,
    *************************************************************/
   result = resolve_server(data, conn, async);
 
-  /* Strip trailing dots. resolve_server copied the name. */
-  strip_trailing_dot(&conn->host);
-#ifndef CURL_DISABLE_PROXY
-  if(conn->bits.httpproxy)
-    strip_trailing_dot(&conn->http_proxy.host);
-  if(conn->bits.socksproxy)
-    strip_trailing_dot(&conn->socks_proxy.host);
-#endif
-  if(conn->bits.conn_to_host)
-    strip_trailing_dot(&conn->conn_to_host);
-
 out:
   return result;
 }

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9796c1ff9e9ec3dc50132c2731771dcb0da077e9..5e8a657165ad5877f998cc8350ee146c920dd694 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3254,6 +3254,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
        out there that don't work unless the name is lowercased */
     Curl_strntolower(data->state.buffer, hostname, nlen);
     data->state.buffer[nlen] = 0;
+    DEBUGASSERT(nlen);
+    DEBUGASSERT(data->state.buffer[nlen-1] != '.');
     if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer))
       infof(data, "WARNING: failed to configure server name indication (SNI) "
             "TLS extension");

diff --git a/tests/data/test1322 b/tests/data/test1322
index ffd5048a781d6d6bf937d2050418d6e412fa1e90..ddc9aaa7f5b8063213de3bc4dc195c2b92cf29c6 100644 (file)
--- a/tests/data/test1322
+++ b/tests/data/test1322
@@ -46,7 +46,7 @@ HTTP with --resolve and hostname with trailing dot
 <verify>
 <protocol>
 GET /%TESTNUMBER HTTP/1.1\r
-Host: example.com:%HTTPPORT\r
+Host: example.com.:%HTTPPORT\r
 User-Agent: curl/%VERSION\r
 Accept: */*\r
 \r